What can I check postinstall to verify a PIM Endpoint is setup correctly?

book

Article ID: 37977

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Question: 

After setting up an Privileged Identity Manager endpoint how can I verify the client is communicating to the management servers? 

Answer: 

#1. Check /opt/CA/AccessControl/bin/issec for running processes. 

Expected: 

[[email protected] ]# issec 

CA ControlMinder version 12.8 installed in /opt/CA/AccessControl_128SP0_1432 

VeRsIoN: 12.80-0 (1432) Compiled On:Nov 14 2013 23:06:37 Kernel: 2.6.18-8.el5-RH5 _LINUX50ASX86_64.X86_64 STOP 30032 

CA ControlMinder kernel extension is loaded. 

CA ControlMinder security daemon is running, pid=6583 (security) 

CA ControlMinder watchdog daemon is running, pid=6593 (watchdog) 

CA ControlMinder agent daemon is running, pid=6586 (agent) 

CA ControlMinder serevu daemon is not running. 

CA ControlMinder selogrd daemon is not running. 

CA ControlMinder selogrcd daemon is not running. 

CA ControlMinder eacws daemon is not running. 

CA ControlMinder ReportAgent daemon is running, pid=6987 (ReportAgent ) 

CA ControlMinder AgentManager daemon is running, pid=6459 (AgentManager ) 

CA ControlMinder policyfetcher daemon is running, pid=6996 (policyfetcher ) 

CA ControlMinder KBLAudMgr daemon is running, pid=6595 (seagent ) 

CA ControlMinder auxiliary daemon is not running. 

CA ControlMinder AgentManager daemon is running, pid=6466 (/opt/CA/AccessControlShared/bin/AgentManager -watchdog) 

 

Please confirm that the 3 mains demons have started: security, watchdog, and agent. Depending on features the other deamons 

 

#2. cat /var/log/messages | grep Successfully 

 

Expected: 

[[email protected] ]# cat /var/log/messages | grep Successfully 

Feb 11 15:09:18 Linux AgentManager[6459]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243 

Feb 11 15:09:20 Linux AgentManager[6459]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243 

Feb 11 15:09:20 Linux AgentManager[6466]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243 

Feb 11 15:13:13 Linux ReportAgent: Successfully connected to the Distribution Server ssl://DS_SERVER:7243 

 

You will see AgentManager connections. This confirms that the endpoint is setup to register itself as a AC for PUPM endpoint. (INSTALL_PUPM="yes" in the params file) 

If you setup the endpoint to send audit events (ENABLE_ELM="yes" in the parmas file) you will see a ReportAgent connection. If not, then no ReportAgent connection will be seen. 

 

 

#3. cat /opt/CA/AccessControl/log/policyfetcher.log | grep successfully 

 

Expected: 

[[email protected] ]# cat /opt/CA/AccessControl/log/policyfetcher.log | grep successfully 

15:13:[email protected] 11 2016 - policyfetcher initialized successfully. 

15:13:[email protected] 11 2016 - successfully connected to host "[email protected]_SERVER.ca.com" 

03:13:23 [email protected] 11 2016 - successfully sent heartbeat to DH 

03:13:23 [email protected] 11 2016 - successfully reset endpoint events at DH 

03:13:23 [email protected] 11 2016 - successfully connected to host "localhost" 

03:13:28 [email protected] 11 2016 - successfully connected to host "[email protected]_SERVER.ca.com" 

 

Checking to make sure we can connect to the DH__ (last line) confirms that the endpoint will register itself for policies. This is INSTALL_APMC="yes" in the parms file. It confirms DH_NAME is set correctly.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: